Security Implementation for DB2

User-level security for DB2 is implemented via the standard IBM DB2 exit, DSN3SATH. DSN3SATH is present in the IBM DB2 sample library (for example, DSN610.DSNSAMP), which is supplied with DB2. This exit is called by DB2 when any task attempts to connect to DB2.

Topics:

Steps for Modifying DSN3SATH

Modifying DSN3SATH

This sample exit assumes that RACF is your site's primary security package. For sites using the CA-ACF2 security package, the vendor supplies DSN3SATH; for CA-TOP SECRET there is a usermod to the IBM-supplied exit.

The assembler program DSN3SATH must be modified so that, when a task tries to connect to DB2, the primary authorization ID is set to the userid in the MVS ACEE control block established by the MSO region during the sign-on process. If secondary authorization IDs are also in use, they may also need to be set for the MSO region. If the task attempting to connect to DB2 is not the MSO region, the original DSN3SATH logic is used unchanged.

The program load library that Information Builders supplies with the DB2 data adapter, FOCSQL.LOAD, includes a load module called FOCDSN3. FOCDSN3 is used to set the proper primary authorization ID. (See Modifying DSN3SATH.)

Another program, FOCDSN4, is also provided in the FOCSQL.LOAD library and is used to set the proper secondary authorization ID(s) for RACF and CA-TOP SECRET. FOCDSN4 is not needed with CA-ACF2; the secondary authorization ID(s) will be set correctly without FOCDSN4.

